Add section on dependency management
We don't currently have guidance on best practices of dependency management. In Python, there are several approaches one can take, including:
- frozen versions for everything
- frozen or compatible problem modules, the rest to a compatible version
- frozen or compatible problem modules, the rest are undefined
- all undefined, let God do the sorting
More than one of these may be appropriate. One might, for example, have a test pipeline with undefined versions to test the latest packages, or choose freezing everything to archive a project in a known working state. I don't know about Node but I imagine there are similar issues there.